diff options
author | Martin Willi <martin@revosec.ch> | 2010-09-03 18:24:03 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-09-03 18:24:03 +0200 |
commit | 4e68c1cfdc31891d74789390c5834b762a705783 (patch) | |
tree | 903195801741c1e1f93ad804f93b2d039906a4ad /src | |
parent | 4254257f9d8da77c2d9846c6956873a19a428283 (diff) | |
download | strongswan-4e68c1cfdc31891d74789390c5834b762a705783.tar.bz2 strongswan-4e68c1cfdc31891d74789390c5834b762a705783.tar.xz |
Do not propose (EC)DHE suites if we do not support them
Diffstat (limited to 'src')
-rw-r--r-- | src/libtls/tls_crypto.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 2fb5a1feb..49ee88def 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -625,7 +625,9 @@ static void filter_suite(private_tls_crypto_t *this, !current.encr || current.encr == suites[i].encr) && (!current.mac || current.mac == suites[i].mac) && (!current.prf || current.prf == suites[i].prf) && - (!current.hash || current.hash == suites[i].hash)) + (!current.hash || current.hash == suites[i].hash) && + (suites[i].dh == MODP_NONE || + !current.dh || current.dh == suites[i].dh)) { suites[remaining] = suites[i]; remaining++; @@ -712,6 +714,8 @@ static void build_cipher_suite_list(private_tls_crypto_t *this, lib->crypto->create_prf_enumerator); filter_suite(this, suites, &count, offsetof(suite_algs_t, hash), lib->crypto->create_hasher_enumerator); + filter_suite(this, suites, &count, offsetof(suite_algs_t, dh), + lib->crypto->create_dh_enumerator); free(this->suites); this->suite_count = count; |